CONTINUE TO SITE »
or wait 15 seconds

Security

How to protect ATMs from advanced threats

As the technical capabilities of ATMs have increased, criminals have also improved their physical and digital methods to steal cash and consumer data from the machines. To protect ATMs, businesses must fully understand all of the threats against them.

How to protect ATMs from advanced threatsImage via Adobe Stock


| by Simon Powley — Head of Advisory Services, Diebold Nixdorf

ATMs play a key role in driving financial inclusion worldwide. In addition to freeing up staff to assist customers with more complex transactions, they also enable banks to maintain a physical presence in locations without branches, ensuring that communities still have critical access to cash and core banking services.

However, as the technical capabilities of ATMs have increased, so has the sophistication of physical and digital attacks looking to access the cash and consumer data that ATMs store. To ensure this critical staple of commerce remains available and accessible, businesses must fully understand the current global and regional-specific threats to both physical and digital bank property.

Security breaches rise

According to the recent NielsenIQ International Retail Banking Consumer and Technology Survey of 12,000 people across 11 countries, 10% of consumers experienced an ATM security breach or became aware of one over a period of 12 months. Businesses should beware of losses from consumer sensitivity to security issues going unnoticed: The data as well showed that respondents who experience or become aware of a security breach are 2.5 times more likely to reduce business or make a purchase with another provider.

Whether ATM attacks manifest as physical or digital attacks, it's clear that the ATM channel is still viewed as a lucrative target for criminals looking to quickly gain access to cash and consumer data. The key to successfully maintaining a highly-secure channel is to protect not only the ATM but also the entire ecosystem around it. Overcoming these challenges requires a deeper knowledge of the various methods that have been developed to both physically and digitally crack into ATMs in recent years as well as proactive countermeasures that reduce risk and deter future attacks.

Digital threats increase

Today's digital threats to ATMs are more advanced than ever, and smarter digital attacks call for smarter digital defenses. Black boxes, ATM malware and more insidious technologies are a growing threat to ATM fleets, despite being less visible than physical security breaches.

Financial losses and the risk for damage to the brand can be significant. Today, the most common type of data attack is skimming, which can include bezel, throat inlay skimming or deep insert skimming, and all continue to pose issues as some skimmers are now only millimeters thick. Ensuring that consumers' assets (cash and data) are safe requires a concerted effort that prioritizes making constant updates and keeping a record of current configurations.

Proactive measures needed

Businesses that deploy ATMs should streamline all the data they collect into one comprehensive, centralized system that provides the most up-to-date inventory of fleet devices, hardware and software components. Proactive protection will not only aid in detecting threats in real-time to stop bad actors from manipulating data, but also ensure that businesses are prepared to discover new threats sooner and implement protections quicker.

While some attacks aim to access the card data of users or the inner workings of the ATM terminal, others take the most direct route: brute force. While these brute force attacks are not a new phenomenon, defending against this new breed of physical attacks requires an understanding of how they have evolved. The two most prominent types of physical attacks that ATMs now face are explosive attacks and "hook and chain" attacks.

Explosive attacks pose a major threat due to the destruction of not just the ATM, which alone can cost between $200,000 to $350,000, but also the surrounding area. This can result in an additional $1 million in collateral damage. Explosive attacks also pose a risk to the people in surrounding buildings, and flying debris can be a danger to passersby. While less destructive, hook and chain attacks can take less than two minutes and lead to losses of around $110,000 to $180,000.

To reliably diminish the success rate of physical attacks, a multi-layer approach that delays and neutralizes the objective of the attack is essential. Ultimately, the harder a safe is to access, the less likely it will be attacked. From advanced monitoring to strengthened locking mechanisms and inking solutions, the more safeguards a bank has in place, the better the chance they will be able to successfully discourage would-be criminals.

Methods vary by region

Complicating modern efforts to defend ATMs is the fact that different regions will often face region-specific threats. Explosive attacks have been troubling institutions in Europe and Latin America for years, while hook and chain attacks are exceedingly popular in the U.S. Furthermore, skimming no longer plays a significant role globally in some countries because the appropriate regulations apply, but in other regions, such attacks need to be closely monitored.

Depending on the threat, there are often different regulations in individual countries to which protective components must be installed as security technologies in ATMs. It is essential to carry out a comprehensive risk analysis of any potential ATM site to better understand how to appropriately monitor the devices and to link the various protective measures with each other.

The concept of ATM security is not new — there will always be those looking to quickly gain access to either the cash in an ATM or card holder data captured "in transit" — but the methods being used to attack ATMs call for a smarter and more holistic approach to ATM security.

Leveraging a unique, global security knowledge base and scale, businesses across the world can develop an ironclad strategy built on a flexible and modular approach. Ultimately, all financial players should consider a multi-layer plan to secure their systems based on a risk assessment, regular updates and real monitoring to be better positioned in the fight against constantly evolving attackers.

INCLUDED IN THIS STORY

Diebold Nixdorf


As a global technology leader and innovative services provider, Diebold Nixdorf delivers the solutions that enable financial institutions to improve efficiencies, protect assets and better serve consumers.

LEARN MORE
REQUEST INFO FROM SELECTED SUPPLIERS

REMOVE ALL

Simon Powley

Currently role includes:
End to end management of the Global Retail Self-Service business, leading a global team responsible for:
- Business Strategy and Growth
- G2M Strategy, 
- Product Strategy & Lifecycle Management (HW/SW), 
- Pre-sales/Solution Specialist Teams
- Consulting Practice

Connect with Simon:  

KEEP UP WITH ATM AND DIGITAL BANKING NEWS AND TRENDS

Sign up now for the ATM Marketplace newsletter and get the top stories delivered straight to your inbox.

Privacy Policy

Already a member? Sign in below.

  or register now

Forgot your password?


You may sign into this site using your login credentials
from any of these Networld Media Group sites:

b'S1-NEW'